npm - ts-ag - Versions diffs - 1.1.26 → 1.2.0 - Mend

ts-ag 1.1.26 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/{cli-CoTTeqrl.mjs → cli-DAs6KeZ2.mjs} +1 -3
package/dist/index.d.mts +1 -1
package/dist/index.mjs +42 -3
package/dist/index.mjs.map +1 -1
package/dist/scripts/check-llrt-worker.mjs +642 -0
package/dist/scripts/ts-alias.mjs +3 -5
package/dist/scripts/ts-build-config.mjs +41 -18
package/dist/utils-DLairfc9.mjs +15 -0
package/dist/worker.d.mts +1067 -0
package/dist/worker.d.mts.map +1 -0
package/dist/worker.mjs +1603 -0
package/dist/worker.mjs.map +1 -0
package/package.json +9 -3
package/dist/cli-CoTTeqrl.mjs.map +0 -1
package/dist/fs-y6bE7U3-.mjs +0 -40
package/dist/fs-y6bE7U3-.mjs.map +0 -1
package/dist/scripts/ts-alias.d.mts +0 -31
package/dist/scripts/ts-alias.d.mts.map +0 -1
package/dist/scripts/ts-alias.mjs.map +0 -1
package/dist/scripts/ts-build-config.d.mts +0 -49
package/dist/scripts/ts-build-config.d.mts.map +0 -1
package/dist/scripts/ts-build-config.mjs.map +0 -1

package/dist/worker.d.mts ADDED Viewed

@@ -0,0 +1,1067 @@
+import * as v from "valibot";
+import { GenericSchema, GenericSchemaAsync, SafeParseResult } from "valibot";
+import * as _$cookie from "cookie";
+import { Result, ResultAsync } from "neverthrow";
+import * as _$_aws_sdk_client_cognito_identity_provider0 from "@aws-sdk/client-cognito-identity-provider";
+import { AdminGetUserCommandOutput, AttributeType, CognitoIdentityProviderClient } from "@aws-sdk/client-cognito-identity-provider";
+import { S3Client } from "@aws-sdk/client-s3";
+import { DynamoDBToolboxError } from "dynamodb-toolbox";
+import { Plugin } from "unified";
+import { APIGatewayProxyEventV2WithLambdaAuthorizer, APIGatewayProxyResultV2, APIGatewayRequestAuthorizerEventV2, Context } from "aws-lambda";
+import * as _$_smithy_types0 from "@smithy/types";
+import { PackageJson } from "type-fest";
+//#region src/lambda/handlerUtils.d.ts
+type SuccessCode = 200 | 201 | 204;
+type ErrorCode = 400 | 401 | 403 | 404 | 409 | 500;
+type ErrorBody = {
+  message: string;
+  field?: {
+    name: string;
+    value: string;
+  };
+};
+/**
+ * The error response for the lambda functions to return
+ */
+type ErrorRawProxyResultV2 = {
+  statusCode: ErrorCode;
+  headers?: {
+    [header: string]: string;
+  } | undefined;
+  body?: ErrorBody;
+  isBase64Encoded?: boolean | undefined;
+  cookies?: string[] | undefined;
+};
+type OkRawProxyResultV2 = {
+  statusCode: SuccessCode;
+  headers?: {
+    [header: string]: string;
+  } | undefined;
+  body?: object | undefined;
+  isBase64Encoded?: boolean | undefined;
+  cookies?: string[] | undefined;
+};
+/**
+ * A type for the raw proxy result - just using an object not a stirng for the body
+ */
+type RawProxyResultV2 = ErrorRawProxyResultV2 | OkRawProxyResultV2;
+type APIGatewayHandler<E> = (event: E, context: Context) => Promise<APIGatewayProxyResultV2>;
+type RawApiGatewayHandler<E extends APIGatewayProxyEventV2WithLambdaAuthorizer<any>> = (event: E, context: Context) => Promise<RawProxyResultV2>;
+/**
+ * Wraps a handler that returns the body as an object rather than a string.
+ *
+ * This means you can achieve proper type inference on your handler and have standardised serialisation
+ *
+ * @example
+```ts
+export type AuthorizerContext = {
+  details: JWTPayload;
+} | null;
+export const wrapHandler = baseWrapHandler<APIGatewayProxyEventV2WithLambdaAuthorizer<AuthorizerContext>>
+*/
+declare function wrapHandler<E extends APIGatewayProxyEventV2WithLambdaAuthorizer<any>>(handler: RawApiGatewayHandler<E>): APIGatewayHandler<E>;
+//#endregion
+//#region src/lambda/client-types.d.ts
+/**
+ * Extracts the requestInput type from an API endpoint definition
+ * @template E - Union type of all API endpoints
+ * @template P - Path string literal type (e.g. 'payments/account')
+ * @template M - HTTP method string literal type (e.g. 'GET', 'POST')
+ */
+type ApiInput<E extends ApiEndpoints, P extends E['path'], M extends E['method']> = Extract<E, {
+  path: P;
+  method: M;
+}>['requestInput'];
+/**
+ * Extracts the requestOutput type from an API endpoint definition
+ * @template E - Union type of all API endpoints
+ * @template P - Path string literal type (e.g. 'payments/account')
+ * @template M - HTTP method string literal type (e.g. 'GET', 'POST')
+ */
+type ApiOutput<E extends ApiEndpoints, P extends E['path'], M extends E['method']> = Extract<E, {
+  path: P;
+  method: M;
+}>['requestOutput'];
+/**
+ * Extracts the response type from an API endpoint definition
+ * @template E - Union type of all API endpoints
+ * @template P - Path string literal type (e.g. 'payments/account')
+ * @template M - HTTP method string literal type (e.g. 'GET', 'POST')
+ */
+type ApiResponse<E extends ApiEndpoints, P extends E['path'], M extends E['method']> = Extract<E, {
+  path: P;
+  method: M;
+}>['response'];
+/**
+ * Extracts the sucessful body type from an API endpoint definition
+ * @template E - Union type of all API endpoints
+ * @template P - Path string literal type (e.g. 'payments/account')
+ * @template M - HTTP method string literal type (e.g. 'GET', 'POST')
+ */
+type ApiSuccessBody<E extends ApiEndpoints, P extends E['path'], M extends E['method']> = Extract<Extract<E, {
+  path: P;
+  method: M;
+}>['response'], {
+  status: SuccessCode;
+}>['json'] extends (() => Promise<infer R>) ? R : unknown;
+/**
+ * Extracts the sucessful body type from an API endpoint definition
+ * @template E - Union type of all API endpoints
+ * @template P - Path string literal type (e.g. 'payments/account')
+ * @template M - HTTP method string literal type (e.g. 'GET', 'POST')
+ */
+type ApiErrorBody<E extends ApiEndpoints, P extends E['path'], M extends E['method']> = Extract<Extract<E, {
+  path: P;
+  method: M;
+}>['response'], {
+  status: ErrorCode;
+}>['json'] extends (() => Promise<infer R>) ? R : unknown;
+/**
+ * Converts a RawApiGatewayHandler response type to a fetch like response type.
+ */
+type ConvertToFetch<T> = T extends {
+  statusCode: number;
+  body: object;
+  headers: object;
+} ? {
+  ok: T['statusCode'] extends SuccessCode ? true : false;
+  json: () => Promise<T['body']>;
+  status: T['statusCode'];
+} : T;
+type CleanResponse = Omit<Response, 'status' | 'ok' | 'json'>;
+type FetchResponse<T extends (...args: any) => any> = ConvertToFetch<Awaited<ReturnType<T>>> & CleanResponse;
+declare const HTTPMethods: readonly ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS', 'HEAD'];
+type HTTPMethod = (typeof HTTPMethods)[number];
+type ApiEndpoints = {
+  path: string;
+  method: HTTPMethod;
+  requestInput: Record<string, any> | null;
+  requestOutput: object | null;
+  response: FetchResponse<() => Promise<{
+    headers: object;
+    statusCode: SuccessCode;
+    body: any;
+  } | {
+    headers: object;
+    statusCode: ErrorCode;
+    body: ErrorBody;
+  }>>;
+};
+//#endregion
+//#region src/lambda/client.d.ts
+declare const HTTPMethods$1: readonly ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS', 'HEAD'];
+type HTTPMethod$1 = (typeof HTTPMethods$1)[number];
+type ApiRequestFunction<API extends ApiEndpoints> = <Path extends API['path'], Method extends Extract<API, {
+  path: Path;
+}>['method']>(path: Path, method: Method, input: ApiInput<API, Path, Method>, headers?: HeadersInit) => Promise<ApiResponse<API, Path, Method>>;
+type ApiSchema = v.GenericSchema | v.GenericSchemaAsync;
+/**
+ * @returns A function that can be used to make API requests with type safety
+ * @example const clientApiRequest = createApiRequest<ApiEndpoints>();
+ */
+declare function createApiRequest<API extends ApiEndpoints>(schemas: Partial<Record<API['path'], Partial<Record<HTTPMethod$1, ApiSchema>>>>, apiUrl: string, env: string): ApiRequestFunction<API>;
+//#endregion
+//#region src/lambda/errors.d.ts
+/**
+ * These are the various errors that should be returned from anything called by a lambda function.
+ *
+ * Pass a lambda error to the errorResponse function to get a suitable response to return from the lambda handler.
+ *
+ * The separation means that they can be returned from functions that are certainly run inside a lambda fucntion but theyre not the actual return of the lambda.
+ * Im not sure it this is optimal behaviour and if not we will migrate to only using the errorResponse function
+ */
+declare const error_lambda_badRequest: (message: string, fieldName?: string, fieldValue?: string) => type_error_lambda_badRequest;
+declare const error_lambda_unauthorized: (message: string) => type_error_lambda_unauthorized;
+declare const error_lambda_forbidden: (message: string) => type_error_lambda_forbidden;
+declare const error_lambda_notFound: (message: string, fieldName?: string, fieldValue?: string) => type_error_lambda_notFound;
+declare const error_lambda_conflict: (message: string, fieldName?: string, fieldValue?: string) => type_error_lambda_conflict;
+declare const error_lambda_internal: (message: string) => type_error_lambda_internal;
+type type_error_lambda_badRequest = {
+  type: 'badRequest';
+  message: string;
+  fieldName?: string;
+  fieldValue?: string;
+};
+type type_error_lambda_unauthorized = {
+  type: 'unauthorized';
+  message: string;
+};
+type type_error_lambda_forbidden = {
+  type: 'forbidden';
+  message: string;
+};
+type type_error_lambda_notFound = {
+  type: 'notFound';
+  message: string;
+  fieldName?: string;
+  fieldValue?: string;
+};
+type type_error_lambda_conflict = {
+  type: 'conflict';
+  message: string;
+  fieldName?: string;
+  fieldValue?: string;
+};
+type type_error_lambda_internal = {
+  type: 'internal';
+  message: string;
+};
+type type_error_lambda = type_error_lambda_badRequest | type_error_lambda_unauthorized | type_error_lambda_forbidden | type_error_lambda_notFound | type_error_lambda_conflict | type_error_lambda_internal;
+//#endregion
+//#region src/lambda/response.d.ts
+declare function field(obj: {
+  fieldName?: string;
+  fieldValue?: string;
+}): {
+  field?: undefined;
+} | {
+  field: {
+    name: string;
+    value: string;
+  };
+};
+type type_error_response = Omit<ErrorRawProxyResultV2, 'headers' | 'body'> & {
+  headers: NonNullable<ErrorRawProxyResultV2['headers']>;
+  body: NonNullable<ErrorRawProxyResultV2['body']>;
+};
+type LambdaErrorResponse<Type extends string = '', Extras extends object = {}> = {
+  headers: Record<string, string>;
+  statusCode: 400;
+  body: {
+    message: string;
+    type: Type;
+  } & ReturnType<typeof field> & Extras;
+} | {
+  headers: Record<string, string>;
+  statusCode: 401;
+  body: {
+    message: string;
+    type: Type;
+  } & Extras;
+} | {
+  headers: Record<string, string>;
+  statusCode: 403;
+  body: {
+    message: string;
+    type: Type;
+  } & Extras;
+} | {
+  headers: Record<string, string>;
+  statusCode: 404;
+  body: {
+    message: string;
+    type: Type;
+  } & ReturnType<typeof field> & Extras;
+} | {
+  headers: Record<string, string>;
+  statusCode: 409;
+  body: {
+    message: string;
+    type: Type;
+  } & ReturnType<typeof field> & Extras;
+} | {
+  headers: Record<string, string>;
+  statusCode: 500;
+  body: {
+    message: string;
+    type: Type;
+  } & Extras;
+};
+/**
+ * Maps lambda errors to responses suitable to return from lambda functions
+ * @param e
+ * @param headers
+ * @param type
+ * @param extras
+ * @returns
+ */
+declare function response_error<Type extends string = '', Extras extends object = {}>(e: type_error_lambda, headers: Record<string, string>, type?: Type, extras?: Extras): LambdaErrorResponse<Type, Extras>;
+/**
+ * Helper function to get a reasonable default error response from a valibot parse result
+ * @param res - The output from calling safeParse on the input
+ * @param headers - The headers to return in the response
+ */
+declare function response_valibotError(res: Extract<SafeParseResult<any>, {
+  success: false;
+}>, headers: any): LambdaErrorResponse<"", {}>;
+declare function response_ok<Body extends {
+  message: string;
+}>(body: Body, headers: any, cookies?: string[] | undefined): {
+  headers: any;
+  cookies: string[] | undefined;
+  statusCode: 200;
+  body: Body;
+};
+//#endregion
+//#region src/lambda/server/authentication.d.ts
+/**
+ * Wraps cookies parse along with the api gateway event with neverthrow
+ */
+declare const getCookies: (event: APIGatewayProxyEventV2WithLambdaAuthorizer<any> | APIGatewayRequestAuthorizerEventV2) => Result<_$cookie.Cookies, type_error_lambda_unauthorized>;
+//#endregion
+//#region src/cognito/client.d.ts
+/**
+ * Convenience function if process.env.AWS_REGION is set
+ */
+declare function getCognitoClient(): CognitoIdentityProviderClient;
+//#endregion
+//#region src/cognito/errors.d.ts
+/** Error wrapper for failures that happen while doing Cognito SDK work. */
+type type_error_cognito = {
+  type: 'cognito';
+  error: unknown;
+};
+/** Internal reason used before converting Cognito errors into public lambda errors. */
+type type_error_lambda_fromCognito_reason = 'auth' | 'forbidden' | 'invalidInput' | 'userNotFound' | 'resourceNotFound' | 'tooManyRequests' | 'passwordPolicy' | 'passwordHistory' | 'passwordResetRequired' | 'codeExpired' | 'codeMismatch' | 'delivery' | 'userExists' | 'conflict' | 'internal';
+/** Per-reason public response override for endpoint-specific privacy and status choices. */
+type type_error_lambda_fromCognito_override = {
+  message?: string;
+} | Partial<type_error_lambda>;
+/** Options for converting Cognito errors to lambda errors. */
+type type_error_lambda_fromCognito_options = Partial<Record<type_error_lambda_fromCognito_reason, type_error_lambda_fromCognito_override>>;
+/** Wrap an unknown caught value as a Cognito-domain error for neverthrow flows. */
+declare function error_cognito(error: unknown): type_error_cognito;
+/** Convert AWS SDK Cognito errors into a safe lambda error for API responses. */
+declare function error_lambda_fromCognito(e: type_error_cognito, options?: type_error_lambda_fromCognito_options): type_error_lambda;
+//#endregion
+//#region src/cognito/user.d.ts
+type type_userResponse = Omit<AdminGetUserCommandOutput, 'UserAttributes'> & {
+  UserAttributes: Record<string, string>;
+};
+/**
+ * Performs an AdminGetUserCommand and extracts the user attributes into an object
+ */
+declare const getUserDetails: (a: {
+  username: string;
+  userPoolId: string;
+}) => ResultAsync<type_userResponse, type_error_cognito>;
+/**
+ * @returns An object of attributes with their names as keys and values as values.
+ */
+declare function extractAttributes(attrs: AttributeType[] | undefined): Record<string, string>;
+/**
+ * Performs an AdminGetUserCommand and extracts the user attributes into an object
+ */
+declare const getUserGroups: (a: {
+  username: string;
+  userPoolId: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.AdminListGroupsForUserCommandOutput, type_error_cognito>;
+//#endregion
+//#region src/cognito/password.d.ts
+/**
+ * Computes Cognito secret hash used for client-side authentication flows.
+ *
+ * @param username - Cognito username or alias.
+ * @param clientId - Cognito app client ID.
+ * @param clientSecret - Cognito app client secret.
+ */
+declare function computeSecretHash(username: string, clientId: string, clientSecret: string): string;
+/**
+ * Changes a user's password given a valid access token.
+ *
+ * @param accessToken - Access token for the authenticated user.
+ * @param oldPassword - Current password.
+ * @param newPassword - New password to set.
+ */
+declare const changePassword: (accessToken: string, oldPassword: string, newPassword: string) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.ChangePasswordCommandOutput, type_error_cognito>;
+/**
+ * Completes a forgot-password flow by submitting the confirmation code and new password.
+ *
+ * @param a.username - Cognito username or alias.
+ * @param a.confirmationCode - Code sent by Cognito to the user.
+ * @param a.newPassword - New password to set.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ */
+declare const confirmForgotPassword: (a: {
+  username: string;
+  confirmationCode: string;
+  newPassword: string;
+  clientId: string;
+  clientSecret: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.ConfirmForgotPasswordCommandOutput, type_error_cognito>;
+/**
+ * Confirms a user's signup using the confirmation code sent by Cognito.
+ *
+ * @param a.username - Cognito username or alias.
+ * @param a.confirmationCode - Code sent to the user after signup.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ */
+declare const confirmSignup: (a: {
+  username: string;
+  confirmationCode: string;
+  clientId: string;
+  clientSecret: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.ConfirmSignUpCommandOutput, type_error_cognito>;
+/**
+ * Starts a forgot-password flow by sending a reset code to the user.
+ *
+ * @param a.username - Cognito username or alias.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ */
+declare const forgotPassword: (a: {
+  username: string;
+  clientId: string;
+  clientSecret: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.ForgotPasswordCommandOutput, type_error_cognito>;
+/**
+ * Signs a user in with ADMIN_USER_PASSWORD_AUTH.
+ *
+ * @param a.username - Cognito username or alias.
+ * @param a.password - User password.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ * @param a.userPoolId - Cognito user pool ID.
+ */
+declare const login: (a: {
+  username: string;
+  password: string;
+  clientId: string;
+  clientSecret: string;
+  userPoolId: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.AdminInitiateAuthCommandOutput, type_error_cognito>;
+/**
+ * Exchanges a refresh token for new tokens.
+ *
+ * @param a.username - Cognito username or alias used to compute secret hash.
+ * @param a.refreshToken - Refresh token to exchange.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ * @param a.userPoolId - Cognito user pool ID.
+ */
+declare const refreshTokens: (a: {
+  username: string;
+  refreshToken: string;
+  clientId: string;
+  clientSecret: string;
+  userPoolId: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.AdminInitiateAuthCommandOutput, type_error_cognito>;
+/**
+ * Globally signs out a user by invalidating all refresh tokens.
+ *
+ * @param accessToken - Access token for the authenticated user.
+ */
+declare const logout: (accessToken: string) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.GlobalSignOutCommandOutput, type_error_cognito>;
+/**
+ * Completes a NEW_PASSWORD_REQUIRED challenge for users who must set a new password.
+ *
+ * @param a.session - Session returned from the auth challenge.
+ * @param a.newPassword - New password to set.
+ * @param a.username - Cognito username or alias.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ */
+declare const resetPassword: (a: {
+  session: string;
+  newPassword: string;
+  username: string;
+  clientId: string;
+  clientSecret: string;
+}) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.RespondToAuthChallengeCommandOutput, type_error_cognito>;
+/**
+ * Registers a new user with Cognito and optional custom attributes.
+ *
+ * @param a.username - Cognito username.
+ * @param a.password - User password.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret.
+ * @param a.<attribute> - Any additional user attributes to set.
+ */
+declare const signUp: (a: {
+  username: string;
+  password: string;
+  clientId: string;
+  clientSecret: string;
+} & Record<string, unknown>) => ResultAsync<_$_aws_sdk_client_cognito_identity_provider0.SignUpCommandOutput, type_error_cognito>;
+/**
+ * Exchanges an OAuth2 authorization code for Cognito tokens using the token endpoint.
+ * See https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html for request/response fields and grant details.
+ *
+ * @param a.code - Authorization code returned by the hosted UI.
+ * @param a.redirectUri - Redirect URI registered with the app client.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret used for Basic Auth.
+ * @param a.cognitoDomain - Cognito domain URL (e.g., your-domain.auth.region.amazoncognito.com).
+ * @returns Parsed token payload containing `access_token`, `id_token`, `refresh_token`, token type, and expiry.
+ */
+declare const verifyOAuthToken: (a: {
+  code: string;
+  redirectUri: string;
+  clientId: string;
+  clientSecret: string;
+  cognitoDomain: string;
+}) => ResultAsync<{
+  access_token: string;
+  id_token: string;
+  refresh_token: string;
+  token_type: string;
+  expires_in: number;
+}, type_error_cognito>;
+/**
+ * Exchanges an OAuth2 refresh token for Cognito tokens using the oauth token endpoint.
+ * See https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html for request/response fields and grant details.
+ *
+ * @param a.redirectUri - Redirect URI registered with the app client.
+ * @param a.clientId - Cognito app client ID.
+ * @param a.clientSecret - Cognito app client secret used for Basic Auth.
+ * @param a.cognitoDomain - Cognito domain URL (e.g., your-domain.auth.region.amazoncognito.com).
+ * @returns Parsed token payload containing `access_token`, `id_token`, `refresh_token`, token type, and expiry.
+ */
+declare const refreshOAuthToken: (a: {
+  clientId: string;
+  clientSecret: string;
+  cognitoDomain: string;
+  refreshToken: string;
+}) => ResultAsync<{
+  access_token: string;
+  id_token: string;
+  refresh_token: string | undefined;
+  token_type: string;
+  expires_in: number;
+}, type_error_cognito>;
+//#endregion
+//#region src/s3/client.d.ts
+/**
+ * Convenience function for S3Client when process.env.REGION is set
+ */
+declare function getS3(): S3Client;
+//#endregion
+//#region src/s3/errors.d.ts
+/** Error wrapper for failures that happen while doing S3 SDK work. */
+type type_error_s3 = {
+  type: 's3';
+  error: unknown;
+};
+/** Internal reason used before converting S3 errors into public lambda errors. */
+type type_error_lambda_fromS3_reason = 'invalidInput' | 'objectNotFound' | 'bucketNotFound' | 'conflict' | 'throttled' | 'accessDenied' | 'internal';
+/** Per-reason public response override for endpoint-specific privacy and status choices. */
+type type_error_lambda_fromS3_override = {
+  message?: string;
+} | Partial<type_error_lambda>;
+/** Options for converting S3 errors to lambda errors. */
+type type_error_lambda_fromS3_options = Partial<Record<type_error_lambda_fromS3_reason, type_error_lambda_fromS3_override>>;
+/** Wrap an unknown caught value as an S3-domain error for neverthrow flows. */
+declare function error_s3(error: unknown): type_error_s3;
+/** Convert AWS SDK S3 errors into a safe lambda error for API responses. */
+declare function error_lambda_fromS3(e: type_error_s3, options?: type_error_lambda_fromS3_options): type_error_lambda;
+/** Returns true for normal S3 object-missing responses. */
+declare function is_s3_notFound(error: unknown): boolean;
+//#endregion
+//#region src/s3/signedUrl.d.ts
+declare const getSignedUrl: <InputTypesUnion extends object, InputType extends InputTypesUnion, OutputType extends _$_smithy_types0.MetadataBearer = _$_smithy_types0.MetadataBearer>(client: _$_aws_sdk_client_cognito_identity_provider0.__Client<any, InputTypesUnion, _$_smithy_types0.MetadataBearer, any>, command: _$_aws_sdk_client_cognito_identity_provider0.$Command<InputType, OutputType, any, InputTypesUnion, _$_smithy_types0.MetadataBearer>, options?: _$_smithy_types0.RequestPresigningArguments | undefined) => ResultAsync<string, void>;
+//#endregion
+//#region src/s3/object.d.ts
+/**
+ * Retrieves an object from an S3 bucket.
+ *
+ * @param {string} bucketName - The name of the S3 bucket.
+ * @param {string} key - The key of the object to retrieve.
+ * @returns {Promise<Buffer>} A promise that resolves to the object data as a Buffer.
+ */
+declare const getObject: (bucketName: string, key: string) => ResultAsync<Buffer<ArrayBufferLike>, type_error_s3>;
+/**
+ * Convenience function to get an object from S3 and return it as a string.
+ */
+declare function getObjectString(bucketName: string, key: string): ResultAsync<string, type_error_s3>;
+/**
+ * Checks if an object exists in an s3 bucket by retrieving the HEAD data
+ *
+ * @param {string} bucketName - The name of the S3 bucket.
+ * @param {string} key - The key of the object to retrieve.
+ * @returns {Promise<Buffer>} A promise that resolves to a boolean.
+ */
+declare const objectExists: (bucketName: string, key: string) => ResultAsync<boolean, type_error_s3>;
+//#endregion
+//#region src/dynamo/errors.d.ts
+/** Error wrapper for failures that happen while doing DynamoDB or DynamoDB Toolbox work. */
+type type_error_dynamo = {
+  type: 'dynamo';
+  error: DynamoDBToolboxError | unknown;
+};
+/** Internal reason used before converting Dynamo-related errors into public lambda errors. */
+type type_error_lambda_fromDynamo_reason = 'invalidInput' | 'conditionalCheckFailed' | 'transactionConflict' | 'resourceNotFound' | 'throttled' | 'accessDenied' | 'internal';
+/** Per-reason public response override for endpoint-specific privacy and status choices. */
+type type_error_lambda_fromDynamo_override = {
+  message?: string;
+} | Partial<type_error_lambda>;
+/** Options for converting Dynamo errors to lambda errors. */
+type type_error_lambda_fromDynamo_options = Partial<Record<type_error_lambda_fromDynamo_reason, type_error_lambda_fromDynamo_override>> & {
+  /**
+   * By default DynamoDB and DynamoDB Toolbox details are not returned to clients.
+   * Set this to true only when the Toolbox path is already a public input field.
+   */
+  includeToolboxPath?: boolean;
+};
+/** Wrap an unknown caught value as a Dynamo-domain error for neverthrow flows. */
+declare function error_dynamo(error: unknown): type_error_dynamo;
+/** Convert DynamoDB Toolbox or AWS SDK errors into a safe lambda error for API responses. */
+declare function error_lambda_fromDynamo(e: type_error_dynamo, options?: type_error_lambda_fromDynamo_options): type_error_lambda;
+//#endregion
+//#region src/ses/errors.d.ts
+/** Error wrapper for failures that happen while doing SES SDK work. */
+type type_error_ses = {
+  type: 'ses';
+  error: unknown;
+};
+/** Internal reason used before converting SES errors into public lambda errors. */
+type type_error_lambda_fromSes_reason = 'invalidInput' | 'messageRejected' | 'identityNotVerified' | 'notFound' | 'alreadyExists' | 'conflict' | 'throttled' | 'accessDenied' | 'internal';
+/** Per-reason public response override for endpoint-specific privacy and status choices. */
+type type_error_lambda_fromSes_override = {
+  message?: string;
+} | Partial<type_error_lambda>;
+/** Options for converting SES errors to lambda errors. */
+type type_error_lambda_fromSes_options = Partial<Record<type_error_lambda_fromSes_reason, type_error_lambda_fromSes_override>>;
+/** Wrap an unknown caught value as an SES-domain error for neverthrow flows. */
+declare function error_ses(error: unknown): type_error_ses;
+/** Convert AWS SDK SES errors into a safe lambda error for API responses. */
+declare function error_lambda_fromSes(e: type_error_ses, options?: type_error_lambda_fromSes_options): type_error_lambda;
+//#endregion
+//#region node_modules/.pnpm/@types+unist@3.0.3/node_modules/@types/unist/index.d.ts
+// ## Interfaces
+/**
+ * Info associated with nodes by the ecosystem.
+ *
+ * This space is guaranteed to never be specified by unist or specifications
+ * implementing unist.
+ * But you can use it in utilities and plugins to store data.
+ *
+ * This type can be augmented to register custom data.
+ * For example:
+ *
+ * ```ts
+ * declare module 'unist' {
+ *   interface Data {
+ *     // `someNode.data.myId` is typed as `number | undefined`
+ *     myId?: number | undefined
+ *   }
+ * }
+ * ```
+ */
+interface Data$1 {}
+/**
+ * One place in a source file.
+ */
+interface Point {
+  /**
+   * Line in a source file (1-indexed integer).
+   */
+  line: number;
+  /**
+   * Column in a source file (1-indexed integer).
+   */
+  column: number;
+  /**
+   * Character in a source file (0-indexed integer).
+   */
+  offset?: number | undefined;
+}
+/**
+ * Position of a node in a source document.
+ *
+ * A position is a range between two points.
+ */
+interface Position {
+  /**
+   * Place of the first character of the parsed source region.
+   */
+  start: Point;
+  /**
+   * Place of the first character after the parsed source region.
+   */
+  end: Point;
+}
+/**
+ * Abstract unist node.
+ *
+ * The syntactic unit in unist syntax trees are called nodes.
+ *
+ * This interface is supposed to be extended.
+ * If you can use {@link Literal} or {@link Parent}, you should.
+ * But for example in markdown, a `thematicBreak` (`***`), is neither literal
+ * nor parent, but still a node.
+ */
+interface Node$1 {
+  /**
+   * Node type.
+   */
+  type: string;
+  /**
+   * Info from the ecosystem.
+   */
+  data?: Data$1 | undefined;
+  /**
+   * Position of a node in a source document.
+   *
+   * Nodes that are generated (not in the original source document) must not
+   * have a position.
+   */
+  position?: Position | undefined;
+}
+//#endregion
+//#region node_modules/.pnpm/@types+hast@3.0.4/node_modules/@types/hast/index.d.ts
+// ## Interfaces
+/**
+ * Info associated with hast nodes by the ecosystem.
+ *
+ * This space is guaranteed to never be specified by unist or hast.
+ * But you can use it in utilities and plugins to store data.
+ *
+ * This type can be augmented to register custom data.
+ * For example:
+ *
+ * ```ts
+ * declare module 'hast' {
+ *   interface Data {
+ *     // `someNode.data.myId` is typed as `number | undefined`
+ *     myId?: number | undefined
+ *   }
+ * }
+ * ```
+ */
+interface Data extends Data$1 {}
+/**
+ * Info associated with an element.
+ */
+interface Properties {
+  [PropertyName: string]: boolean | number | string | null | undefined | Array<string | number>;
+}
+// ## Content maps
+/**
+ * Union of registered hast nodes that can occur in {@link Element}.
+ *
+ * To register mote custom hast nodes, add them to {@link ElementContentMap}.
+ * They will be automatically added here.
+ */
+type ElementContent = ElementContentMap[keyof ElementContentMap];
+/**
+ * Registry of all hast nodes that can occur as children of {@link Element}.
+ *
+ * For a union of all {@link Element} children, see {@link ElementContent}.
+ */
+interface ElementContentMap {
+  comment: Comment;
+  element: Element;
+  text: Text;
+}
+/**
+ * Union of registered hast nodes that can occur in {@link Root}.
+ *
+ * To register custom hast nodes, add them to {@link RootContentMap}.
+ * They will be automatically added here.
+ */
+type RootContent = RootContentMap[keyof RootContentMap];
+/**
+ * Registry of all hast nodes that can occur as children of {@link Root}.
+ *
+ * > 👉 **Note**: {@link Root} does not need to be an entire document.
+ * > it can also be a fragment.
+ *
+ * For a union of all {@link Root} children, see {@link RootContent}.
+ */
+interface RootContentMap {
+  comment: Comment;
+  doctype: Doctype;
+  element: Element;
+  text: Text;
+}
+// ## Abstract nodes
+/**
+ * Abstract hast node.
+ *
+ * This interface is supposed to be extended.
+ * If you can use {@link Literal} or {@link Parent}, you should.
+ * But for example in HTML, a `Doctype` is neither literal nor parent, but
+ * still a node.
+ *
+ * To register custom hast nodes, add them to {@link RootContentMap} and other
+ * places where relevant (such as {@link ElementContentMap}).
+ *
+ * For a union of all registered hast nodes, see {@link Nodes}.
+ */
+interface Node extends Node$1 {
+  /**
+   * Info from the ecosystem.
+   */
+  data?: Data | undefined;
+}
+/**
+ * Abstract hast node that contains the smallest possible value.
+ *
+ * This interface is supposed to be extended if you make custom hast nodes.
+ *
+ * For a union of all registered hast literals, see {@link Literals}.
+ */
+interface Literal extends Node {
+  /**
+   * Plain-text value.
+   */
+  value: string;
+}
+/**
+ * Abstract hast node that contains other hast nodes (*children*).
+ *
+ * This interface is supposed to be extended if you make custom hast nodes.
+ *
+ * For a union of all registered hast parents, see {@link Parents}.
+ */
+interface Parent extends Node {
+  /**
+   * List of children.
+   */
+  children: RootContent[];
+}
+// ## Concrete nodes
+/**
+ * HTML comment.
+ */
+interface Comment extends Literal {
+  /**
+   * Node type of HTML comments in hast.
+   */
+  type: "comment";
+  /**
+   * Data associated with the comment.
+   */
+  data?: CommentData | undefined;
+}
+/**
+ * Info associated with hast comments by the ecosystem.
+ */
+interface CommentData extends Data {}
+/**
+ * HTML document type.
+ */
+interface Doctype extends Node$1 {
+  /**
+   * Node type of HTML document types in hast.
+   */
+  type: "doctype";
+  /**
+   * Data associated with the doctype.
+   */
+  data?: DoctypeData | undefined;
+}
+/**
+ * Info associated with hast doctypes by the ecosystem.
+ */
+interface DoctypeData extends Data {}
+/**
+ * HTML element.
+ */
+interface Element extends Parent {
+  /**
+   * Node type of elements.
+   */
+  type: "element";
+  /**
+   * Tag name (such as `'body'`) of the element.
+   */
+  tagName: string;
+  /**
+   * Info associated with the element.
+   */
+  properties: Properties;
+  /**
+   * Children of element.
+   */
+  children: ElementContent[];
+  /**
+   * When the `tagName` field is `'template'`, a `content` field can be
+   * present.
+   */
+  content?: Root | undefined;
+  /**
+   * Data associated with the element.
+   */
+  data?: ElementData | undefined;
+}
+/**
+ * Info associated with hast elements by the ecosystem.
+ */
+interface ElementData extends Data {}
+/**
+ * Document fragment or a whole document.
+ *
+ * Should be used as the root of a tree and must not be used as a child.
+ *
+ * Can also be used as the value for the content field on a `'template'` element.
+ */
+interface Root extends Parent {
+  /**
+   * Node type of hast root.
+   */
+  type: "root";
+  /**
+   * Children of root.
+   */
+  children: RootContent[];
+  /**
+   * Data associated with the hast root.
+   */
+  data?: RootData | undefined;
+}
+/**
+ * Info associated with hast root nodes by the ecosystem.
+ */
+interface RootData extends Data {}
+/**
+ * HTML character data (plain text).
+ */
+interface Text extends Literal {
+  /**
+   * Node type of HTML character data (plain text) in hast.
+   */
+  type: "text";
+  /**
+   * Data associated with the text.
+   */
+  data?: TextData | undefined;
+}
+/**
+ * Info associated with hast texts by the ecosystem.
+ */
+interface TextData extends Data {}
+//#endregion
+//#region src/rehype/flat-toc.d.ts
+/**
+ * This rehype plugin extracts the headings from the markdown elements but also the raw elements.
+ * So we get html headings in the TOC as well
+ *
+ * It sets the file.data.fm.toc to a flat map of the toc
+ */
+declare const extractToc: Plugin<[], Root>;
+type Toc = TocEntry[];
+type TocEntry = {
+  level: number;
+  id: string;
+  value: string;
+};
+/**
+ * Parses raw HTML and returns a flat array of all heading (h1-h6) elements as HAST nodes.
+ */
+declare function parseRaw(raw: string): Element[];
+//#endregion
+//#region src/utils/valibot.d.ts
+declare function isSchema(x: unknown): x is GenericSchema;
+declare function unwrap(schema: GenericSchema): GenericSchema;
+type GetSchemaByPathOptions = {
+  /**
+   * When a union/variant cannot be narrowed by the path segment,
+   * choose index `preferOption` (default 0). Set to -1 to return undefined instead.
+   */
+  preferOption?: number;
+};
+declare function getSchemaByPath(root: GenericSchema | GenericSchemaAsync, path: string, opts?: GetSchemaByPathOptions): GenericSchema | undefined;
+//#endregion
+//#region src/types/deep.d.ts
+/**
+ * @example
+ * type HomeOverridden = DeepOverride<Home, {
+ *   test: {
+ *     featuredImages: never; // Removing the property
+ *     meta: {
+ *       updatedAt: string; // Changing the type
+ *     };
+ *   };
+ * }>;
+ */
+type DeepOverride<T, R> = { [K in keyof T]: K extends keyof R ? R[K] extends infer RK ? RK extends Record<string, any> ? T[K] extends Record<string, any> ? DeepOverride<T[K], RK> : RK : RK extends Array<infer RU> ? T[K] extends Array<infer TU> ? Array<DeepOverride<TU, RU>> : RK : RK : never : T[K] };
+type Primitive = string | number | boolean | bigint | symbol | null | undefined | Date | RegExp | Function;
+type DeepPartial<T> = T extends Primitive ? T : T extends readonly (infer U)[] ? readonly U[] : T extends object ? { [K in keyof T]?: DeepPartial<T[K]> } : T;
+type DeepRequired<T> = { [P in keyof T]-?: NonNullable<T[P] extends object ? (T[P] extends Function ? T[P] : DeepRequired<T[P]>) : T[P]> };
+/**
+ * Recursively readonly
+ */
+type DeepReadonly<T> = T extends ((...args: any) => any) ? T : T extends object ? { readonly [K in keyof T]: DeepReadonly<T[K]> } : T;
+//#endregion
+//#region src/utils/object.d.ts
+/**
+ * Sets the value for an object by its dot path
+ * @param obj - any object
+ * @param path - the dot path eg. key1.0.1.key2
+ * @param value - any value
+ * @returns - the modified object
+ */
+declare function setByPath<T extends object>(obj: T, path: string, value: any): T;
+/**
+ * Gets the value from an object by its dot path
+ * @param obj - any object
+ * @param path - the dot path eg. key1.0.1.key2
+ * @returns - the value at the given path or undefined
+ */
+declare function getByPath<T extends object>(obj: T, path: string): any;
+/**
+ * Returns a deep "patch" object containing only the fields from `b`
+ * that are different from `a`.
+ *
+ * Behavior:
+ * - Only keys from `b` can appear in the result.
+ * - New keys in `b` are included.
+ * - Changed primitive/array values are included as the value from `b`.
+ * - For nested plain objects, it recurses and returns only the differing nested fields.
+ * - Arrays are treated as atomic (if different, the whole array from `b` is returned).
+ *
+ * Typing:
+ * - Output is `DeepPartial<B>` because only a subset of `b`'s shape is returned.
+ *
+ * @template A
+ * @template B
+ * @param {A} a - Base/original object (can be a different shape than `b`).
+ * @param {B} b - Updated object; output keys come from this object.
+ * @returns {DeepPartial<B>} Deep partial of `b` containing only differences vs `a`.
+ */
+declare const deepDiff: <A extends object, B extends object>(a: A, b: B) => DeepPartial<B>;
+/**
+ * Deeply prunes `source` to match the *shape* of `shape`.
+ *
+ * Rules:
+ * - Only keys that exist on `shape` are kept.
+ * - Pruning is deep for nested plain objects.
+ * - Arrays are supported by using the first element of `shape` as the element-shape.
+ *   - If `shape` is `[]`, returns `[]` (drops all elements).
+ * - Primitive values are kept as-is (no type coercion) if the key exists in `shape`.
+ * - If `shape` expects an object/array but `source` is not compatible, returns an empty object/array of that shape.
+ *
+ * @typeParam S - Source object type.
+ * @typeParam Sh - Shape object type.
+ * @param source - The object to prune.
+ * @param shape - The object whose keys/structure are the allowlist.
+ * @returns A new value derived from `source`, containing only fields present in `shape`, pruned deeply.
+ *
+ * @example
+ * const source = { a: 1, b: { c: 2, d: 3 }, e: [ { x: 1, y: 2 }, { x: 3, y: 4 } ], z: 9 };
+ * const shape  = { a: 0, b: { c: 0 }, e: [ { x: 0 } ] };
+ * // => { a: 1, b: { c: 2 }, e: [ { x: 1 }, { x: 3 } ] }
+ * const out = pruneToShape(source, shape);
+ */
+declare function pruneToShape<S, Sh>(source: S, shape: Sh): Sh;
+//#endregion
+//#region src/utils/fs.d.ts
+/**
+ * @returns true if a filepath exists
+ */
+declare function exists(filePath: string): Promise<boolean>;
+/**
+ * Writes data to a filepath if it is different
+ * @returns true if the file is written to
+ */
+declare function writeIfDifferent(filePath: string, newData: string): Promise<boolean>;
+/**
+ * @returns the json object packageJson or undefined if it doesnt exist
+ */
+declare function readPackageJson(filePath: string): Promise<PackageJson | undefined>;
+//#endregion
+//#region src/utils/errors.d.ts
+declare function isRecord(value: unknown): value is Record<string, unknown>;
+declare function getErrorName(error: unknown): string | undefined;
+//#endregion
+//#region src/types/safe.d.ts
+type SafeOmit<T, K extends keyof any> = T extends any ? Omit<T, K> : never;
+//#endregion
+export { APIGatewayHandler, ApiEndpoints, ApiErrorBody, ApiInput, ApiOutput, ApiRequestFunction, ApiResponse, ApiSchema, ApiSuccessBody, CleanResponse, DeepOverride, DeepPartial, DeepReadonly, DeepRequired, ErrorBody, ErrorCode, ErrorRawProxyResultV2, FetchResponse, GetSchemaByPathOptions, HTTPMethod, HTTPMethods, LambdaErrorResponse, OkRawProxyResultV2, RawApiGatewayHandler, RawProxyResultV2, SafeOmit, SuccessCode, Toc, TocEntry, changePassword, computeSecretHash, confirmForgotPassword, confirmSignup, createApiRequest, deepDiff, error_cognito, error_dynamo, error_lambda_badRequest, error_lambda_conflict, error_lambda_forbidden, error_lambda_fromCognito, error_lambda_fromDynamo, error_lambda_fromS3, error_lambda_fromSes, error_lambda_internal, error_lambda_notFound, error_lambda_unauthorized, error_s3, error_ses, exists, extractAttributes, extractToc, forgotPassword, getByPath, getCognitoClient, getCookies, getErrorName, getObject, getObjectString, getS3, getSchemaByPath, getSignedUrl, getUserDetails, getUserGroups, isRecord, isSchema, is_s3_notFound, login, logout, objectExists, parseRaw, pruneToShape, readPackageJson, refreshOAuthToken, refreshTokens, resetPassword, response_error, response_ok, response_valibotError, setByPath, signUp, type_error_cognito, type_error_dynamo, type_error_lambda, type_error_lambda_badRequest, type_error_lambda_conflict, type_error_lambda_forbidden, type_error_lambda_fromCognito_options, type_error_lambda_fromCognito_reason, type_error_lambda_fromDynamo_options, type_error_lambda_fromDynamo_reason, type_error_lambda_fromS3_options, type_error_lambda_fromS3_reason, type_error_lambda_fromSes_options, type_error_lambda_fromSes_reason, type_error_lambda_internal, type_error_lambda_notFound, type_error_lambda_unauthorized, type_error_response, type_error_s3, type_error_ses, type_userResponse, unwrap, verifyOAuthToken, wrapHandler, writeIfDifferent };
+//# sourceMappingURL=worker.d.mts.map